CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8719
https://notcve.org/view.php?id=CVE-2015-8719
The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_dns_answer en epan/dissectors/packet-dns.c en el disector DNS en Wireshark 1.12.x en versiones anteriores a 1.12.9 no maneja correctamente la opción EDNS0 Client Subnet, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79816 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-38.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=30651ab18b42e666f57ea239e58f3ff3a5e9c4ad https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8720
https://notcve.org/view.php?id=CVE-2015-8720
The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_ber_GeneralizedTime en epan/dissectors/packet-ber.c en el disector BER en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 verifica indebidamente un valor de retorno sscanf, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través un paquete manipulado. • http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79814 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-39.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=921bb07115fbffc081ec56a5022b4a9d58db6d39 https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8721
https://notcve.org/view.php?id=CVE-2015-8721
Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. Desbordamiento de buffer en la función tvb_uncompress en epan/tvbuff_zlib.c en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete con compresión zlib manipulado. • http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79814 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-40.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cec0593ae6c3bca65eff65741c2a10f3de3e0afe https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8722
https://notcve.org/view.php?id=CVE-2015-8722
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. epan/dissectors/packet-sctp.c en el disector SCTP en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida el puntero del frame, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79814 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-41.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1b32d505a59475d51d9b2bed5f0869d2d154e8b6 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh&# • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2015-8723 – Wireshark - AirPDcapPacketProcess Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-8723
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. La función AirPDcapPacketProcess en epan/crypt/airpdcap.c en el disector 802.11 en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida la relación entre la longitud total y la longitud de caputra, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer basado en pila y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/39005 http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79382 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-42.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=40b283181c63cb28bc6f58d80315eccca6650da0 https://security.gentoo.o • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •